From 5f019706ee031c5d2049d0978fdcb0b546716823 Mon Sep 17 00:00:00 2001
From: Michael Haeckel
Date: Wed, 22 Aug 2001 17:40:49 +0000
Subject: [PATCH] Don't render HTML in attachment descriptions. Patch by Daniel Naber. svn path=/trunk/kdenetwork/kmail/; revision=111373
---
 kmmainwin.cpp | 9 ++++++++-
 kmreaderwin.cpp | 9 +++++----
 2 files changed, 13 insertions(+), 5 deletions(-)
diff --git a/kmmainwin.cpp b/kmmainwin.cpp
index 4ecdb3a10..c7d3071ea 100644
--- a/kmmainwin.cpp
+++ b/kmmainwin.cpp
@@ -515,7 +515,14 @@ void KMMainWin::statusMsg(const QString& aText)
 while (!text.isEmpty() && fontMetrics().width( text ) >= statusWidth) text.truncate( text.length() - 1);
- mStatusBar->changeItem( text, mMessageStatusId);
+ // ### FIXME: We should disable richtext/HTML (to avoid possible denial of service attacks),
+ // but this code would double the size of the satus bar if the user hovers
+ // over an -style email address :-(
+// text.replace(QRegExp("&"), "&");
+// text.replace(QRegExp("<"), "<");
+// text.replace(QRegExp(">"), ">");
+
+ mStatusBar->changeItem(text, mMessageStatusId);
 }
diff --git a/kmreaderwin.cpp b/kmreaderwin.cpp
index 4aeb9cb5c..f6446e996 100644
--- a/kmreaderwin.cpp
+++ b/kmreaderwin.cpp
@@ -904,7 +904,7 @@ void KMReaderWin::writeBodyStr(const QCString aStr, QTextCodec *aCodec)
 /* HTMLize signedBy data ### FIXME: use .arg()*/
 QString sdata=pgp->signedBy();
- sdata.replace(QRegExp("\""), """);
+ sdata.replace(QRegExp("&"), "&");
 sdata.replace(QRegExp("<"), "<");
 sdata.replace(QRegExp(">"), ">");
@@ -1046,7 +1046,7 @@ void KMReaderWin::writePartIcon(KMMessagePart* aMsgPart, int aPartNum)
 kdDebug(5006) << "writePartIcon: PartNum: " << aPartNum << endl;
 comment = aMsgPart->contentDescription();
- comment.replace(QRegExp("\""), """);
+ comment.replace(QRegExp("&"), "&");
 comment.replace(QRegExp("<"), "<");
 comment.replace(QRegExp(">"), ">");
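Review bot: In the `KMMainWin::statusMsg` hunk the escaping is left commented out, so the new side still passes `text` to `mStatusBar->changeItem()` unescaped and any markup in it can still be interpreted by the status bar, which is the denial-of-service concern the FIXME itself names. Rather than escaping, I would force the item to plain text, e.g. `statusLabel->setTextFormat(Qt::PlainText);`, where `statusLabel` is a placeholder for whatever label widget backs the item (not visible in this hunk). That would presumably also avoid the width doubling the comment describes, since nothing gets expanded into entities. Once that is settled, drop the three commented-out `text.replace` lines and fix the typo `satus` in the FIXME. The body of `statusMsg` starts above the hunk, so where `text` comes from cannot be confirmed here.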
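Review bot: In the `KMReaderWin::writeBodyStr` hunk the new `&` replacement takes the place of the `"` replacement instead of being added in front of it, so `sdata` no longer has double quotes escaped; the two `writePartIcon` hunks make the same swap for `comment` and `label`. Where these strings are written into the page is outside the hunks, but if any of them lands inside a quoted attribute value, a `"` in a signer name, content description or file name would end the attribute early. I would keep the old line after the new one, i.e. retain `sdata.replace(QRegExp("\""), "&quot;");` (the page shows the entity decoded) and likewise for `comment` and `label`. The `&` step is correctly placed first, so the entities produced by the later steps are not escaped twice. The same sequence now appears three times in this file and would be easier to keep correct as one small helper.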
@@ -1054,7 +1054,7 @@ void KMReaderWin::writePartIcon(KMMessagePart* aMsgPart, int aPartNum)
 if (fileName.isEmpty()) fileName = aMsgPart->name();
 label = fileName;
 /* HTMLize label */
- label.replace(QRegExp("\""), """);
+ label.replace(QRegExp("&"), "&");
 label.replace(QRegExp("<"), "<");
 label.replace(QRegExp(">"), ">");
@@ -1161,7 +1161,8 @@ QString KMReaderWin::strToHtml(const QString &aStr, bool aPreserveBlanks) const
 continue;
 }
 }
- if (ch=='<') result += "<";
+ if (ch=='&') result += "&";
+ else if (ch=='<') result += "<";
 else if (ch=='>') result += ">";
 else if (ch=='\n') {
 result += "
";
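Review bot: In the `KMReaderWin::strToHtml` hunk the visible branch now escapes `&`, `<` and `>` but not `"`, and nothing at the function says which HTML context its result is safe for. I would add a comment above the character chain such as `// Escapes &, < and > only: safe as element content, not inside a quoted attribute value.` The branch ending in `continue` just above the added lines begins outside the hunk, so whether text copied into `result` there goes through the same escaping cannot be checked from here and is worth confirming. The function body starts and ends outside the hunk.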